CVE-2026-33235: CWE-400: Uncontrolled Resource Consumption in Significant-Gravitas AutoGPT
AutoGPT versions prior to 0.6.52 contain a vulnerability in the Fill Text Template block that allows denial of service via uncontrolled resource consumption. The backend uses a SandboxedEnvironment to restrict unauthorized attribute access but does not limit computational complexity or execution time of expressions. An attacker can exploit this by submitting expensive Python/Jinja2 expressions that exhaust CPU and memory, causing system hangs or crashes. This can lead to service outages and noisy neighbor effects in multi-tenant or self-hosted deployments. The issue is fixed in version 0.6.52.
AI Analysis
Technical Summary
CVE-2026-33235 is a high-severity vulnerability in Significant-Gravitas AutoGPT prior to version 0.6.52. It involves uncontrolled resource consumption (CWE-400) in the Fill Text Template block. Although the backend SandboxedEnvironment prevents unauthorized attribute access, it fails to constrain the computational complexity or execution time of user-supplied expressions. Attackers can craft computationally expensive Python or Jinja2 expressions that consume excessive CPU and memory resources, resulting in denial of service through system hangs or crashes. This vulnerability affects multi-tenant and self-hosted environments, causing service outages and noisy neighbor effects that require manual intervention. The vulnerability has been addressed and fixed in AutoGPT version 0.6.52.
Potential Impact
Exploitation of this vulnerability leads to denial of service by exhausting CPU and memory resources on the server running AutoGPT. This causes the system to hang or crash, resulting in complete service outages. In multi-tenant or self-hosted environments, this can also cause noisy neighbor effects, impacting other tenants or services on the same infrastructure. There is no impact on confidentiality or integrity reported.
Mitigation Recommendations
Upgrade AutoGPT to version 0.6.52 or later, where this vulnerability has been fixed. The fix involves limiting the computational complexity and execution time of expressions in the Fill Text Template block. Until upgraded, administrators should consider restricting access to the vulnerable functionality or monitoring for signs of resource exhaustion. Patch status is confirmed fixed in version 0.6.52.
CVE-2026-33235: CWE-400: Uncontrolled Resource Consumption in Significant-Gravitas AutoGPT
Description
AutoGPT versions prior to 0.6.52 contain a vulnerability in the Fill Text Template block that allows denial of service via uncontrolled resource consumption. The backend uses a SandboxedEnvironment to restrict unauthorized attribute access but does not limit computational complexity or execution time of expressions. An attacker can exploit this by submitting expensive Python/Jinja2 expressions that exhaust CPU and memory, causing system hangs or crashes. This can lead to service outages and noisy neighbor effects in multi-tenant or self-hosted deployments. The issue is fixed in version 0.6.52.
CVSS v3.1
Score 7.7high
Affected software
pkg:github/significant-gravitas/AutoGPTRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-33235 is a high-severity vulnerability in Significant-Gravitas AutoGPT prior to version 0.6.52. It involves uncontrolled resource consumption (CWE-400) in the Fill Text Template block. Although the backend SandboxedEnvironment prevents unauthorized attribute access, it fails to constrain the computational complexity or execution time of user-supplied expressions. Attackers can craft computationally expensive Python or Jinja2 expressions that consume excessive CPU and memory resources, resulting in denial of service through system hangs or crashes. This vulnerability affects multi-tenant and self-hosted environments, causing service outages and noisy neighbor effects that require manual intervention. The vulnerability has been addressed and fixed in AutoGPT version 0.6.52.
Potential Impact
Exploitation of this vulnerability leads to denial of service by exhausting CPU and memory resources on the server running AutoGPT. This causes the system to hang or crash, resulting in complete service outages. In multi-tenant or self-hosted environments, this can also cause noisy neighbor effects, impacting other tenants or services on the same infrastructure. There is no impact on confidentiality or integrity reported.
Mitigation Recommendations
Upgrade AutoGPT to version 0.6.52 or later, where this vulnerability has been fixed. The fix involves limiting the computational complexity and execution time of expressions in the Fill Text Template block. Until upgraded, administrators should consider restricting access to the vulnerable functionality or monitoring for signs of resource exhaustion. Patch status is confirmed fixed in version 0.6.52.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-18T02:42:27.508Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3c4ce14853345fc1df8ce5
Added to database: 06/24/2026, 21:32:17 UTC
Last enriched: 06/24/2026, 21:46:35 UTC
Last updated: 06/25/2026, 03:23:09 UTC
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.